[exo-jcr-commits] exo-jcr SVN: r2529 - in jcr/trunk/exo.jcr.component.core/src: test/java/org/exoplatform/services/jcr/impl/core/security and 1 other directory.
do-not-reply at jboss.org
do-not-reply at jboss.org
Thu Jun 10 04:41:16 EDT 2010
Author: tolusha
Date: 2010-06-10 04:41:16 -0400 (Thu, 10 Jun 2010)
New Revision: 2529
Added:
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestSecurityRepositoryManagment.java
Removed:
jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java
Modified:
jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java
Log:
EXOJCR-778: Protect the main methods of a repository since they are critical: addItemPersistenceListener, configWorkspace, createWorkspace, internalRemoveWorkspace, setState, getConfiguration.
Modified: jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java 2010-06-09 14:10:00 UTC (rev 2528)
+++ jcr/trunk/exo.jcr.component.core/src/main/java/org/exoplatform/services/jcr/impl/core/RepositoryImpl.java 2010-06-10 08:41:16 UTC (rev 2529)
@@ -69,6 +69,8 @@
private static final RuntimePermission GET_SYSTEM_SESSION_PERMISSION = new RuntimePermission("getJCRSystemSession");
+ private static final RuntimePermission MANAGE_REPOSITORY_PERMISSION = new RuntimePermission("manageRepository");
+
/**
* Repository descriptors.
*/
@@ -158,6 +160,13 @@
*/
public void addItemPersistenceListener(String workspaceName, ItemsPersistenceListener listener)
{
+ // Need privileges to manage repository.
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(MANAGE_REPOSITORY_PERMISSION);
+ }
+
PersistentDataManager pmanager =
(PersistentDataManager)repositoryContainer.getWorkspaceContainer(workspaceName).getComponentInstanceOfType(
PersistentDataManager.class);
@@ -188,6 +197,13 @@
*/
public void configWorkspace(WorkspaceEntry wsConfig) throws RepositoryConfigurationException, RepositoryException
{
+ // Need privileges to manage repository.
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(MANAGE_REPOSITORY_PERMISSION);
+ }
+
if (isWorkspaceInitialized(wsConfig.getName()))
{
throw new RepositoryConfigurationException("Workspace '" + wsConfig.getName()
@@ -232,6 +248,12 @@
*/
public synchronized void createWorkspace(String workspaceName) throws RepositoryException
{
+ // Need privileges to manage repository.
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(MANAGE_REPOSITORY_PERMISSION);
+ }
if (isWorkspaceInitialized(workspaceName))
{
@@ -257,6 +279,13 @@
*/
public RepositoryEntry getConfiguration()
{
+ // Need privileges to manage repository.
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(MANAGE_REPOSITORY_PERMISSION);
+ }
+
return config;
}
@@ -425,6 +454,13 @@
*/
public void internalRemoveWorkspace(String workspaceName) throws RepositoryException
{
+ // Need privileges to manage repository.
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(MANAGE_REPOSITORY_PERMISSION);
+ }
+
WorkspaceContainer workspaceContainer = null;
if (isWorkspaceInitialized(workspaceName))
{
@@ -569,6 +605,13 @@
*/
public void setState(int state)
{
+ // Need privileges to manage repository.
+ SecurityManager security = System.getSecurityManager();
+ if (security != null)
+ {
+ security.checkPermission(MANAGE_REPOSITORY_PERMISSION);
+ }
+
switch (state)
{
case ONLINE :
Deleted: jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java 2010-06-09 14:10:00 UTC (rev 2528)
+++ jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestGetSystemSession.java 2010-06-10 08:41:16 UTC (rev 2529)
@@ -1,83 +0,0 @@
-/**
- * Copyright (C) 2010 eXo Platform SAS.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-
-package org.exoplatform.services.jcr.impl.core.security;
-
-import java.security.AccessControlException;
-import java.security.PrivilegedExceptionAction;
-
-/**
- * @author <a href="mailto:andrew00x at gmail.com">Andrey Parfonov</a>
- * @version $Id$
- */
-public class TestGetSystemSession extends BaseSecurityTest
-{
- public void testGetSystemSessionSuccess()
- {
- PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
- {
- public Object run() throws Exception
- {
- repository.getSystemSession();
- return null;
- }
-
- };
- try
- {
- doPrivilegedActionStaticPermissions(action);
- }
- catch (AccessControlException ace)
- {
- fail("Must be able get system session. We are under static permissions");
- }
- catch (Throwable t)
- {
- t.printStackTrace();
- fail();
- }
- }
-
- public void testGetSystemSessionFail()
- {
- PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
- {
- public Object run() throws Exception
- {
- repository.getSystemSession();
- return null;
- }
-
- };
- try
- {
- doPrivilegedAction(action);
- fail("Must not be able get system session.");
- }
- catch (AccessControlException ace)
- {
- // OK
- }
- catch (Throwable t)
- {
- t.printStackTrace();
- fail();
- }
- }
-}
Added: jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestSecurityRepositoryManagment.java
===================================================================
--- jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestSecurityRepositoryManagment.java (rev 0)
+++ jcr/trunk/exo.jcr.component.core/src/test/java/org/exoplatform/services/jcr/impl/core/security/TestSecurityRepositoryManagment.java 2010-06-10 08:41:16 UTC (rev 2529)
@@ -0,0 +1,431 @@
+/**
+ * Copyright (C) 2010 eXo Platform SAS.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+
+package org.exoplatform.services.jcr.impl.core.security;
+
+import org.exoplatform.services.jcr.config.WorkspaceEntry;
+import org.exoplatform.services.jcr.core.ManageableRepository;
+import org.exoplatform.services.jcr.impl.dataflow.serialization.TesterItemsPersistenceListener;
+
+import java.security.AccessControlException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * @author <a href="mailto:andrew00x at gmail.com">Andrey Parfonov</a>
+ * @version $Id: TestGetSystemSession.java 2521 2010-06-09 11:50:54Z nzamosenchuk $
+ */
+public class TestSecurityRepositoryManagment extends BaseSecurityTest
+{
+ private static String testWorkspaceName = "testWorkspace";
+
+ public void testGetSystemSessionSuccess()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.getSystemSession();
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedActionStaticPermissions(action);
+ }
+ catch (AccessControlException ace)
+ {
+ fail("Must be able get system session. We are under static permissions");
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testGetSystemSessionFail()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.getSystemSession();
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedAction(action);
+ fail("Must not be able get system session.");
+ }
+ catch (AccessControlException ace)
+ {
+ // OK
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testAddItemPersistenceListenerSuccess()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.addItemPersistenceListener(workspace.getName(), new TesterItemsPersistenceListener(session));
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedActionStaticPermissions(action);
+ }
+ catch (AccessControlException ace)
+ {
+ fail("Must be able add listener. We are under static permissions");
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testAddItemPersistenceListenerFail()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.addItemPersistenceListener(workspace.getName(), new TesterItemsPersistenceListener(session));
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedAction(action);
+ fail("Must not be able add listener.");
+ }
+ catch (AccessControlException ace)
+ {
+ // OK
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testConfigWorkspaceSuccess()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ WorkspaceEntry defConfig =
+ (WorkspaceEntry)session.getContainer().getComponentInstanceOfType(WorkspaceEntry.class);
+
+ WorkspaceEntry wsConfig = new WorkspaceEntry();
+ wsConfig.setName(testWorkspaceName);
+
+ wsConfig.setAccessManager(defConfig.getAccessManager());
+ wsConfig.setCache(defConfig.getCache());
+ wsConfig.setContainer(defConfig.getContainer());
+ wsConfig.setLockManager(defConfig.getLockManager());
+
+ repository.configWorkspace(wsConfig);
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedActionStaticPermissions(action);
+ }
+ catch (AccessControlException ace)
+ {
+ fail("Must be able config workspace. We are under static permissions");
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testConfigWorkspaceFail()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ WorkspaceEntry defConfig =
+ (WorkspaceEntry)session.getContainer().getComponentInstanceOfType(WorkspaceEntry.class);
+
+ WorkspaceEntry wsConfig = new WorkspaceEntry();
+ wsConfig.setName(testWorkspaceName);
+
+ wsConfig.setAccessManager(defConfig.getAccessManager());
+ wsConfig.setCache(defConfig.getCache());
+ wsConfig.setContainer(defConfig.getContainer());
+ wsConfig.setLockManager(defConfig.getLockManager());
+
+ repository.configWorkspace(wsConfig);
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedAction(action);
+ fail("Must not be able config workspace.");
+ }
+ catch (AccessControlException ace)
+ {
+ // OK
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testCreateWorkspaceSuccess()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.createWorkspace(testWorkspaceName);
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedActionStaticPermissions(action);
+ }
+ catch (AccessControlException ace)
+ {
+ fail("Must be able create workspace. We are under static permissions");
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testCreateWorkspaceFail()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.createWorkspace(testWorkspaceName);
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedAction(action);
+ fail("Must not be able create workspace.");
+ }
+ catch (AccessControlException ace)
+ {
+ // OK
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testInternalRemoveWorkspaceSuccess()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.internalRemoveWorkspace(testWorkspaceName);
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedActionStaticPermissions(action);
+ }
+ catch (AccessControlException ace)
+ {
+ fail("Must be able remove workspace. We are under static permissions");
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testInternalRemoveWorkspaceFail()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.internalRemoveWorkspace(testWorkspaceName);
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedAction(action);
+ fail("Must not be able remove workspace.");
+ }
+ catch (AccessControlException ace)
+ {
+ // OK
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testSetStateeSuccess()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.setState(ManageableRepository.OFFLINE);
+ repository.setState(ManageableRepository.ONLINE);
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedActionStaticPermissions(action);
+ }
+ catch (AccessControlException ace)
+ {
+ fail("Must be able set state. We are under static permissions");
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testSetStateFail()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.setState(ManageableRepository.OFFLINE);
+ repository.setState(ManageableRepository.ONLINE);
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedAction(action);
+ fail("Must not be able set state.");
+ }
+ catch (AccessControlException ace)
+ {
+ // OK
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testGetConfigurationSuccess()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.getConfiguration();
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedActionStaticPermissions(action);
+ }
+ catch (AccessControlException ace)
+ {
+ fail("Must be able get configuration. We are under static permissions");
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+
+ public void testGetConfigurationFail()
+ {
+ PrivilegedExceptionAction<Object> action = new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ repository.getConfiguration();
+ return null;
+ }
+
+ };
+ try
+ {
+ doPrivilegedAction(action);
+ fail("Must not be able get configuration.");
+ }
+ catch (AccessControlException ace)
+ {
+ // OK
+ }
+ catch (Throwable t)
+ {
+ t.printStackTrace();
+ fail();
+ }
+ }
+}
More information about the exo-jcr-commits
mailing list